package com.cssiot.weixin.basic.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;

import javax.net.ssl.SSLContext;

import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.client.HttpClients;

public class HttpClientSslHelper {

    private static final String KEY_STORE_TYPE_BKS = "bks";

    private static final String KEY_STORE_TYPE_P12 = "PKCS12";

    private static final String SCHEME_HTTPS = "https";

    private static final int HTTPS_PORT = 8443;

     

    private static final String KEY_STORE_CLIENT_PATH = "D:/apache-tomcat-8.0.26-testHttps/doubleWay/client.p12";

    private static final String KEY_STORE_TRUST_PATH = "D:/apache-tomcat-8.0.26-testHttps/doubleWay/truststore.bks";

    private static final String KEY_STORE_PASSWORD = "123456";

    private static final String KEY_STORE_TRUST_PASSWORD = "123456";

    private static KeyStore keyStore;

    private static KeyStore trustStore;

    public static CloseableHttpClient getSslHttpClient() {

    	CloseableHttpClient httpsClient =HttpClients.createDefault();

        try {
            // 服务器端需要验证的客户端证书

            keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);

            // 客户端信任的服务器端证书

            trustStore = KeyStore.getInstance(KEY_STORE_TYPE_BKS);

            InputStream ksIn =  new FileInputStream(new File(KEY_STORE_CLIENT_PATH));
            
            InputStream tsIn = new FileInputStream(new File(KEY_STORE_TRUST_PATH));
            try {

                keyStore.load(ksIn, KEY_STORE_PASSWORD.toCharArray());

                trustStore.load(tsIn, KEY_STORE_TRUST_PASSWORD.toCharArray());

            } catch (Exception e) {

                e.printStackTrace();

            } finally {

                try {

                    ksIn.close();

                } catch (Exception ignore) {

                }

                try {

                    tsIn.close();

                } catch (Exception ignore) {

                }

            }

            SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, KEY_STORE_PASSWORD, trustStore);

            Scheme sch = new Scheme(SCHEME_HTTPS, socketFactory, HTTPS_PORT);

            httpsClient.getConnectionManager().getSchemeRegistry().register(sch);

        } catch (Exception e) {

            e.printStackTrace();

        }  

        return httpsClient;

    }
    
    public static void main(String[] args) {
    	try {
			CloseableHttpClient client = getSslHttpClient();
			String url = "https://localhost:8443/wx/hello/rest/123";
			HttpGet get = new HttpGet(url);
			CloseableHttpResponse resp = client.execute(get);
			int statusCode = resp.getStatusLine().getStatusCode();
			if(statusCode>=200&&statusCode<300) {
				System.out.println("restGet请求返回成功");
			}
		} catch (ClientProtocolException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
	}

}